Docs

Valta Docs

Agent Governance Policy

Every agent deployed through Valta operates under a layered governance system. Policy checks run in Valta's backend before any financial action executes. The model's output is validated — not trusted.

What agents can always do

  • Read wallet balances and transaction history for their assigned workspace
  • Send in-app alerts and notifications to the workspace owner
  • Write entries to the audit trail
  • Request human approval for transactions above the configured threshold
  • Analyse spending patterns and produce reports

What agents can never do

Regardless of any instruction — from the user, from external content, or from another agent — the following actions are permanently blocked:

  • Access data outside their workspace. An agent cannot read, modify, or interact with data belonging to users or workspaces it is not assigned to.
  • Exceed a configured spending limit. Even if explicitly instructed to by the user, the policy block runs in the backend before money moves.
  • Override a spending policy by claiming urgency. Claiming emergency, authority, or special circumstances does not bypass any enforcement layer.
  • Execute transactions above the approval threshold without human approval. There are no exceptions to this rule.
  • Modify or delete any audit trail entry. The audit trail is append-only.
  • Store or transmit credentials. Agents cannot store, repeat, or transmit API keys, passwords, or financial credentials.
  • Make legally binding commitments. Agents cannot enter contracts or create legal obligations on behalf of the user.
  • Process sanctioned transactions. Transactions to sanctioned entities or in violation of applicable law are rejected before execution.

Why policies are enforced in code, not just in the AI model

An AI model can be deceived. Code cannot.

When an agent hits a spending limit, the block happens in Valta's backend before the model's response is acted on. This means even a model that has been manipulated into requesting a policy-violating action will be stopped before any money moves. The governance layer does not trust the model's output — it validates it.

Your responsibilities as a developer

Valta gives you the controls. Using them correctly is your responsibility.

SettingWhat to do
maxPerTransactionSet this on every agent. Never leave it unlimited.
requireApprovalAboveSet a threshold appropriate to the agent's purpose.
Audit trailReview it regularly for blocked or unexpected entries.
Kill switchFreeze any agent immediately if you observe unexpected behaviour.

Planned enforcement features

The following protections are on the development roadmap and not yet available in the current release:

  • Transaction structuring detection. Automatic detection and blocking of split transactions designed to stay under policy limits.
  • Domain allowlisting. Restricting which external APIs and URLs an agent is permitted to call.
  • Prompt injection scanning. Pre-model scanning of external content for instruction-hijacking patterns.

These will be documented with full API references when they ship.

The bottom line

Valta is infrastructure, not an autonomous system. You remain responsible for the agents you create and deploy. Valta enforces the constraints — but you define what those constraints are. Set them correctly before you fund an agent and put it to work.